See What a Digital Footprint Looks Like

In this demonstration, we will be examining the www.riskiq.com domain using RiskIQ Digital Footprint Community Edition. We will be demonstrating how the RiskIQ Digital Footprint Community Edition automatically builds, classifies and connects an organization’s digital footprint together without any human involvement with stunning results. Insights will be featured, demonstrating how users can gain a greater understanding of an external host’s purpose and relationship to an organization.

Today we will examine the Digital Footprint for www.riskiq.com. The features I’ll demonstrate are available within RiskIQ PassiveTotal Community Edition. First a brief introduction to RiskIQ. RiskIQ provides comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. Our digital threat management platform offers unified visibility and control for external security issues across web, social, and mobile channels. We utilize our own threat intelligence that employs multiple techniques and technology to gather, capture, analyze, curate, and monitor petabytes of public and proprietary internet data sets. And we have solutions that support various tasks of different security teams to identify, analyze and respond to threats outside the firewall.

What is a digital footprint? A digital footprint is comprised of all the external assets that belong to an organization such as web servers, and web applications that are accessible from the internet.

Let’s talk about Digital Footprint. Digital Footprint allows threat defenders a full understanding of the digital attack surface–the known, unknown, and rogue internet-facing assets that can be attacked and compromised by attackers. It offers the means to identify external assets, actively monitor crucial changes, and allow staff to pinpoint issues to resolve in order to reduce the attack surface and maintain asset management compliance.

Today I’ll be doing a demonstration of RiskIQ Digital Footprint Community Edition. I’ll be showing just how well RiskIQ Digital Footprint automatically builds, classifies and connects an organization’s digital footprint, without any human involvement, with stunning results. Let’s start our demonstration of Digital Footprint.

Recently, I was searching www.riskiq.com domain using RiskIQ PassiveTotal. While looking at the digital footprint, I saw something that alarmed me at first glance. I thought it was a mistake or we had a serious issue. Our system showed that www.riskiq.com had a blacklisted host and it was serving malware. Alarms went off for me. I started calling, texting, and e-mailing operations team members, as I needed to let them know we had a potential server serving malware in our domain, or it was a major mistake in our data set. An operations team member quickly educated me. They informed me that RiskIQ has customers that run website ad exchange networks–the ad exchanges used by websites to serve ads on their websites. Some ad exchange networks contract with RiskIQ to check every ad before production to check for malware using our automated virtual crawling technology. A RiskIQ server serves the ad, just like a website does. Then RiskIQ uses its automated virtual user crawling technology to check the ad for malware. Therefore, RiskIQ finds malware and ads ALL THE TIME. But in this circumstance, it’s on our own server, and the public is not exposed to the infected ad with malware.

So yes, RiskIQ is serving malware from that host which is tagged correctly, that it’s serving malware. This is expected because we’re checking ads for malware and tagging the server when the malware is detected and adding the server automatically to our blacklist of malicious servers. This allows the ad exchange networks to make sure that the ads that they are serving to their customers are clean and do not contain malware.